Welcome to Rappler, a social news network where stories inspire community engagement and digitally fuelled actions for social change. Rappler comes from the root words "rap" (to discuss) + "ripple" (to make waves).

British Airways fined £183m over computer theft of passenger data

In a statement, IAG says the UK Information Commissioner’s Office intends to issue the airline with a penalty notice under the UK Data Protection Act, totalling £183.39 million or around $229.7 million

BRITISH AIRWAYS. A British Airways Airbus A320 commercial plane with registration G-TTOB is landing at Geneva Airport on March 22, 2019 in Geneva. Photo by Fabrice Coffrini/AFP

LONDON, United Kingdom – British Airways has been fined more than £183 million after computer hackers last year stole bank details from hundreds of thousands of passengers, its parent group IAG said Monday, July 8.

In a statement, IAG said the UK Information Commissioner’s Office intends to issue the airline with a penalty notice under the UK Data Protection Act, totalling £183.39 million ($229.7 million, 205 million euros).

The fine is equivalent to 1.5% of British Airways' turnover in 2017, IAG added.

IAG chief executive Willie Walsh said it would consider appealing the fine as it seeks "to take all appropriate steps to defend the airline's position vigorously".

BA's CEO Alex Cruz said the airline was "surprised and disappointed" by the punishment.

"British Airways responded quickly to a criminal act to steal customers' data," he said in the statement.

"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused," Cruz added.

However the 15-day breach, which was fixed on discovery, did not involve travel or passport details.

Following disclosure of the hack, BA promised to compensate affected customers and took out full-page adverts in the UK newspapers to apologise to passengers.

It had meanwhile described the mass theft as "a very sophisticated, malicious, criminal attack on our website".

IAG is the owner of 5 airlines, including also Aer Lingus, Iberia, Level and Vueling, none of which were affected by the hack.

GDPR establishes the key principle that individuals must explicitly grant permission for their data to be used.

The case for the new rules had been boosted by a scandal over the harvesting of Facebook users' data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election. – Rappler.com

Would you like to share your vote?

Welcome to Rappler, a social news network where stories inspire community engagement and digitally fuelled actions for social change. Rappler comes from the root words "rap" (to discuss) + "ripple" (to make waves).